Fake “Court Notice” Text Scam Spreads Across the US, Tricking Victims via QR Code Phishing

Introduction

A new wave of mobile scams is rapidly spreading across the United States, targeting unsuspecting individuals with alarming messages that appear to come from official court systems. Disguised as urgent legal notices, these fraudulent texts are designed to create panic and force quick action. By combining psychological pressure with clever technical tricks like QR codes and CAPTCHA verification, scammers are evolving their tactics to bypass traditional defenses and exploit human trust more effectively than ever before.

Summary of the Original

A newly discovered phishing campaign is targeting mobile users across multiple U.S. states by sending fake “Notice of Default” messages that impersonate state courts. These scam messages claim that the recipient has an outstanding traffic violation tied to their vehicle and warn that the issue has escalated to a formal enforcement stage. Victims are told they must either pay immediately or risk appearing in court, creating a sense of urgency and fear.

Unlike earlier scams from 2025 that pretended to be toll agencies and included direct phishing links, this new variation uses a more sophisticated approach. The message contains an image that mimics an official court notice, complete with formal language and branding. Embedded within the image is a QR code, which recipients are instructed to scan to resolve the alleged violation.

Reports indicate that this campaign has affected residents in several states, including New York, California, North Carolina, Illinois, Virginia, Texas, Connecticut, and New Jersey. One example claims to come from the “Criminal Court of the City of New York,” stating that the recipient has unpaid toll or parking violations requiring immediate attention.

When the QR code is scanned, users are first directed to an intermediary website that presents a CAPTCHA challenge. This step is not meant for security but to evade automated detection tools used by cybersecurity researchers. Once the CAPTCHA is completed, victims are redirected to a phishing website impersonating a state DMV or similar government agency.

These fake websites claim that the user owes a small fee, typically $6.99, which appears harmless and believable. However, proceeding to pay requires entering sensitive personal information, including full name, address, phone number, email, and eventually credit card details.

The primary goal of this scam is data harvesting rather than the small payment itself. Once collected, the stolen information can be used for identity theft, financial fraud, or sold to other cybercriminal groups. It can also fuel further phishing attacks, making victims more vulnerable in the future.

Authorities and state agencies have repeatedly warned that they do not request payments or sensitive information through unsolicited text messages. As a general safety rule, any unexpected message demanding immediate payment should be treated with suspicion and ignored.

What Undercode Say:

This campaign highlights a critical shift in phishing tactics, moving away from traditional links toward QR code-based attacks, often referred to as “quishing.” By embedding malicious links inside QR codes, attackers effectively bypass many security filters that are designed to detect suspicious URLs in plain text. This method also leverages user behavior, as people tend to trust QR codes, especially when presented in official-looking formats.

The use of urgency and legal threats is a classic social engineering technique, but its combination with visual elements like fake court documents significantly increases credibility. People are more likely to trust something that looks like a scanned official notice rather than a plain text message. This visual deception reduces skepticism and encourages immediate compliance.

Another notable tactic is the use of CAPTCHA systems as a defensive layer against cybersecurity analysis. While CAPTCHA is typically used to block bots, here it serves the opposite purpose, preventing automated systems from scanning and flagging malicious content. This indicates that attackers are becoming more aware of how security tools operate and are actively designing campaigns to evade them.

The small payment amount of $6.99 is also strategic. It is low enough to avoid suspicion but high enough to justify entering payment details. More importantly, the attackers are not primarily interested in the money. Their real objective is the collection of personal and financial data, which has far greater value in underground markets.

This scam also demonstrates how attackers scale operations geographically. By tailoring messages to specific states and referencing local agencies, they increase the likelihood of success. Localization adds a layer of authenticity that generic phishing campaigns often lack.

From a defensive standpoint, this campaign exposes a gap in user awareness. Many people are still unfamiliar with QR-based threats and may not realize that scanning a code can be just as dangerous as clicking a malicious link. Security education has not fully caught up with these evolving tactics.

Organizations and individuals need to rethink their approach to mobile security. Traditional advice such as “don’t click suspicious links” must now extend to “don’t scan unknown QR codes.” Additionally, mobile devices should be treated as high-risk endpoints, given how frequently they are used for both personal and financial activities.

The broader implication is that phishing is no longer just a technical problem but a behavioral one. Attackers are investing more in understanding human psychology than in developing complex malware. This makes awareness and training just as important as technological defenses.

Finally, the campaign underscores the importance of verifying any legal or financial claims through official channels. Instead of reacting to a message, users should independently contact the relevant agency using trusted sources. This simple step can effectively neutralize most phishing attempts.

Fact Checker Results

✅ State agencies in the U.S. do not request payments via unsolicited SMS messages.
✅ QR code phishing, also known as quishing, is a documented and rising threat.
❌ The $6.99 fee is not a legitimate or standard traffic violation charge in any state.

Prediction

🔮 QR code-based phishing attacks will increase significantly as attackers exploit gaps in user awareness.
🔮 Future scams will likely incorporate AI-generated visuals to make fake notices even more convincing.
🔮 Mobile-first phishing will become the dominant attack vector, surpassing traditional email scams.